Risk-based authentication (RBA) is an adaptive security measure to strengthen password-based authentication. RBA monitors additional implicit features during password entry such as device or geolocation information, and requests additional authentication factors if a certain risk level is detected. RBA is recommended by the NIST digital identity guidelines, is used by several large online services, and offers protection against security risks such as password database leaks, credential stuffing, insecure passwords and large-scale guessing attacks. Despite its relevance, the procedures used by RBA-instrumented online services are currently not disclosed. Consequently, there is little scientific research about RBA, slowing down progress and deeper understanding, making it harder for end users to understand the security provided by the services they use and trust, and hindering the widespread adoption of RBA.
In this paper, with a series of studies on eight popular online services, we (i) analyze which features and combinations/classifiers are used and are useful in practical instances, (ii) develop a framework and a methodology to measure RBA in the wild, and (iii) survey and discuss the differences in the user interface for RBA. Following this, our work provides a first deeper understanding of practical RBA deployments and helps foster further research in this direction.
Online services such as social networks, online shops, and search engines deliver different content to users depending on their location, browsing history, or client device. Since these services have a major influence on opinion forming, understanding their behavior from a social science perspective is of greatest importance. In addition, technical aspects of services such as security or privacy are becoming more and more relevant for users, providers, and researchers. Due to the lack of essential data sets, automatic black box testing of online services is currently the only way for researchers to investigate these services in a methodical and reproducible manner. However, automatic black box testing of online services is difficult since many of them try to detect and block automated requests to prevent bots from accessing them.
In this paper, we introduce a testing tool that allows researchers to create and automatically run experiments for exploratory studies of online services. The testing tool performs programmed user interactions in such a manner that it can hardly be distinguished from a human user. To evaluate our tool, we conducted, among other things, a large-scale research study on Risk-based Authentication (RBA), which required human-like behavior from the client. We were able to circumvent the bot detection of the investigated online services with the experiments. As this demonstrates the potential of the presented testing tool, it remains the responsibility of its users to balance the conflicting interests between researchers and service providers as well as to check whether their research programs remain undetected.
The 12th Annual Meeting of the Sponsoring Group Reinsurance [Förderkreis Rückversicherung] was held on 5th July 2019 in Niederkassel, near Cologne. Some 80 representatives of the (re)insurance companies involved in the Sponsoring Group took part in the meeting, along with guests. Offered for the fifth time as part of the Annual Meeting, the Researchers’ Corner gave eight members of academic staff at the Cologne Research Centre for Reinsurance an opportunity to deliver a presentation on their respective current research projects. In three sessions – each featuring 2-3 parallel lectures with posters – the most important results of the scientific studies by the Cologne Research Centre for Reinsurance were presented and discussed. The heterogeneity of the topics presented by academic staff reflects the dovetailing of Cologne Research Centre with reinsurance practice.
Session 1
a) Manuel Dietmann (M.Sc.): The increasing importance of the risk management function in insurance companies
b) Robert Joniec (M.Sc., FCII, cand. PhD): How is the reinsurance cycle doing?
c) Wolfgang Koch (M.Sc., FCII): Information asymmetries between reinsurance brokers and assignors
Session 2
a) Jörg Dirks (M.Sc., FCII): Unmanned aircraft – Evolution of the market for aviation (re-)insurance
b) Fabian Lassen (M.Sc., FCII): Reducing volatility through use of an insurance swap
c) Fabian Pütz (M.Sc., cand. PhD): Transferring cat risks from emerging markets from a macroeconomic perspective
Session 3
a) Kai-Olaf Knocks (M.A., FCII): The ILS market in 2019 – discouragement or wait-and-see?
b) Lihong Wang (M.Sc., FCII, cand. PhD): China InsurTech development
With the publication series, ‘Proceedings of the Researchers’ Corner’, the Cologne Research Centre for Reinsurance meets the desire for publication of the research results of our scholars together with the accompanying posters and discussions. The titles are reproduced in keeping with the above agenda of the Researchers’ Corner for the 12th Annual Meeting of the Sponsoring Group Reinsurance. As part of the event, Prof. Materne also conducted an interview with Mr Ingo Wichelhaus (Senior Director, Mount Street) on the topic of risk management and portfolio management. Particular attention was devoted to the broad spectrum of risk for financing in the shipping sector.
STEPsCON 2018 was jointly organized by the Faculty of Applied Natural Sciences of TH Köln (Germany) and the University of Oulu (Finland) on the occasion of the 50th anniversary of the Leverkusen – Oulu town twinning. The conference focused on sustainability issues and covered the current state of research in four key topics:
1. Sustainable Medicine and Pharmaceuticals
2. Resources and Bioremediation
3. Sustainable Chemistry & Industrial Biotechnology
4. Innovative Materials & Formulations
Web browsers use HTTP caches to reduce the amount of data to be transferred over the network and allow Web pages to load faster. Content such as scripts, images, and style sheets, which are static most of the time or shared across multiple websites, is stored and loaded locally when recurring requests ask for cached resources. This behaviour can be exploited if the cache is based on a naive implementation. This paper summarises possible attacks on the browser cache and shows through extensive experiments that even modern web browsers still do not provide enough safeguards to protect their users. Moreover, the available built-in as well as addable cache controls offer rather limited functionality in terms of protection and ease of use. Due to the volatile and inhomogeneous APIs for controlling the cache in modern browsers, the development of enhanced user-centric cache controls remains, until further notice, in the hands of browser manufacturers.